Heartbleed


Post by Claw »

Some read-ups. . .

<a href="http://heartbleed.com/" target="_blank"> Heartbleed site</a>

<a href="http://techcrunch.com/2014/04/08/what-i ... the-video/" target="_blank">Heartbleed talkie</a>

Probably one of the best "simply put" explanations of the Heartbleed bug. . .

<div class='quotetop'>QUOTE</div><div class='quotemain'>Simply put, the Heartbleed OpenSSL exploit can allow hackers to listen to data that you send over channels that are supposed to be encrypted. Therefore, anything you said or typed while using a supposedly encrypted site could have been collected by snoops. While it’s unlikely that you personally have been hacked, it’s prudent to take steps. At this point, it’s really not clear how many people have actually been burned. Possibly nobody, and possibly many.

Practical advice about what you can do to protect yourself:

1. Avoid entering any personal data into encrypted sites for a few days to allow the vulnerable sites to be fixed. For now, don’t log in to any sites (not even to change your password) as this could pass your credentials to hackers. Many sites are already fixed and I assume that the bulk of the affected sites will be fixed shortly.

2. Install a password manager and learn how to use it. I recommend LastPass, Roboform, or KeePass 2. I use LastPass and they have some excellent videos on their site that show how it works. Nothing is 100% secure or safe, but these three password managers are safe enough for your purposes.

3. After a few days (A week?), log on and change your passwords for any sites that store your data (including Facebook). Use strong and unique passwords for all of these important sites. The password manager will offer to store the passwords for you so you don’t have to worry about remembering them. Password managers can also generate secure passwords for you. If you don’t want to use a password manager, get a notebook and write down the passwords. Store the notebook away safely.

4. Carefully monitor your bank accounts and credit cards for the next while. Note that this gaping security canyon has existed for 2 years now which gives the snoops (NSA included) plenty of time to collect heaps of personal information. You can test any site on (http filippo.io/Heartbleed) but keep in mind that any given site may have previously been compromised and could have stolen your data the last time you logged on. For example Flickr was vulnerable but is now fixed. Yahoo currently shows as compromised.

Go here for a great primer on how to choose secure passwords. <a href="https://www.schneier.com/blog/archives/ ... ure_1.html" target="_blank">https://www.schneier.com/blog/archives/ ... _1.html</a></div>